QUESTION 179Refer to the exhibit. You are configuring permissions for a new Cisco ISE standard authorization profile. If you configure the Tunnel-Private-Group-ID attribute as shown, what does the value 123 represent?

A. the VLAN IDB. the VRF IDC. the tunnel IDD. the group ID

Answer: A

QUESTION 180Where would a Cisco ISE administrator define a named ACL to use in an authorization policy?

A. In the conditions of an authorization rule.B. In the attributes of an authorization rule.C. In the permissions of an authorization rule.D. In an authorization profile associated with an authorization rule.

Answer: D

QUESTION 181Refer to the exhibit. Which URL must you enter in the External Webauth URL field to configure Cisco ISE CWA correctly?

QUESTION 182When you configure an endpoint profiling policy rule, which option describes the purpose of the minimum certainty factor?

A. It is compared to the total certainty metric of an individual endpoint to determine whether the endpoint can be trusted.B. It is compared to the assigned certainty value of an individual endpoint in a device database to determine whether the endpoint can be trusted.C. It is used to compare the policy condition to other active policies.D. It is used to determine the likelihood that an endpoint is an active, trusted device on the network.

Answer: A

QUESTION 183You have configured a Cisco ISE 1.2 deployment for self-registration of guest users. What two options can you select from to determine when the account duration timer begins? (Choose two.)

A. CreateTimeB. FirstLoginC. BeginLoginD. StartTime

Answer: AB

QUESTION 184Which error in a redirect ACL can cause the redirection of an endpoint to the provisioning portal to fail?

A. The redirect ACL is blocking access to ports 80 and 443.B. The redirect ACL is applied to an incorrect SVI.C. The redirect ACL is blocking access to the client provisioning portal.D. The redirect ACL is blocking access to Cisco ISE port 8905.

Answer: A

QUESTION 185Where must periodic re-authentication be configured to allow a client to come out of the quarantine state and become compliant?

A. on the switch portB. on the router portC. on the supplicantD. on the controller

A. It provides support for native supplicants, allowing users to connect devices directly to the network.B. It provides the My Devices portal, allowing users to add devices to the network.C. It provides support for users to install the Cisco NAC agent on enterprise devices.D. It provides self-registration functionality to allow guest users to access the network.

Answer: A

QUESTION 187During client provisioning on a Mac OS X system, the client system fails to renew its IP address. Which change can you make to the agent profile to correct the problem?

QUESTION 189What is the function of the SGACL policy matrix on a Cisco TrustSec domain with SGT Assignment?

A. It determines which access policy to apply to the endpoint.B. It determines which switches are trusted within the TrustSec domain.C. It determines the path the SGT of the packet takes when entering the Cisco TrustSec domain.D. It lists all servers that are permitted to participate in the TrustSec domain.E. It lists all hosts that are permitted to participate in the TrustSec domain.

Answer: A

QUESTION 190You are configuring SGA on a network device that is unable to perform SGT tagging. How can the device propagate SGT information?

A. The device can use SXP to pass IP-address-to-SGT mappings to a TrustSec-capable hardware peer.B. The device can use SXP to pass MAC-address-to-STG mappings to a TrustSec-capable hardware peer.C. The device can use SXP to pass MAC-address-to-IP mappings to a TrustSec-capable hardware peer.D. The device can propagate SGT information in an encapsulated security payload.E. The device can use a GRE tunnel to pass the SGT information to a TrustSec-capable hardware peer.

Answer: A

QUESTION 191Refer to the exhibit. The links outside the TrustSec area in the given SGA architecture are unprotected. On which two links does EAC take place? (Choose two.)

A. between switch 2 and switch 3B. between switch 5 and host 2C. between host 1 and switch 1D. between the authentication server and switch 4E. between switch 1 and switch 2F. between switch 1 and switch 5

QUESTION 193You are troubleshooting wired 802.1X authentications and see the following error: “Authentication failed: 22040 Wrong password or invalid shared secret.” What should you inspect to determine the problem?

QUESTION 197Which description of the purpose of the Continue option in an authentication policy rule is true?

A. It allows Cisco ISE to check the list of rules in an authentication policy until there is a match.B. It sends an authentication to the next subrule within the same authentication rule.C. It allows Cisco ISE to proceed to the authorization policy regardless of authentication pass/fail.D. It sends an authentication to the selected identity store.E. It causes Cisco ISE to ignore the NAD because NAD will treat the Cisco ISE server as dead.

Answer: C

QUESTION 198How many days does Cisco ISE wait before it purges a session from the active session list if no RADIUS Accounting STOP message is received?

A. 1B. 5C. 10D. 15

Answer: B

QUESTION 199A user configured a Cisco Identity Service Engine and switch to work with downloadable access list for wired dot1x users, though it is failing to work. Which command must be added to address the issue?

Lead2pass promise that all 300-208 exam questions are the latest updated, we aim to provide latest and guaranteed questions for all certifications. You just need to be braved in trying then we will help you arrange all later things! 100% pass all exams you want or full money back! Do you want to have a try on passing 300-208?